Patch/Configuration Management

Over a Dozen Serious Veeam Vulnerabilities Addressed


SC Media reports that updates have been released by Veeam to remediate 18 significant flaws impacting several of its products, five of which are critical in severity.

The most serious of the patched vulnerabilities are a pair of issues affecting the Veeam Service Provider Console, tracked as CVE-2024-38650 and CVE-2024-39714, which could be exploited to facilitate access to the VSPC server account's NTLM hash and to allow arbitrary file uploads, respectively. Veeam also fixed a critical unauthenticated remote code execution bug in Veeam Backup & Replication, tracked as CVE-2024-40711, which could be leveraged to facilitate total system hijacking, with the company refusing to provide technical details due to its potential exploitation in ransomware attacks.

The firm also addressed a pair of critical flaws in Veeam ONE, tracked as CVE-2024-42024 and CVE-2024-42019. More than a dozen high-severity vulnerabilities, including ones in VSPC, Veeam Backup for Nutanix AHV, Veeam Agent for Linux, and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization, have also been fixed.
